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The  overall  objective  of  the  research  has  been  to  investigate  software 
development  process,  automated  testing  tools,  and  development  techniques 
for  improving  reliability  of  large-scale  software  systems.  In  order  to 
accomplish  this  objective,  a preliminary  survey  on  reliability  and 
Integrity  of  large  computer  programs  has  been  conducted  and  a scheme 
has  been  proposed  as  a reasonable  approach  to  developing  reliable  large- 
scale  software.. 
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1 . In^rDduc*^ 

This  report  SL.mT)nr  izes  tre  firdinns  of  ‘he  reseoror  stipDort- 
ed  py  the  U.  S.  Offioe  of  V;iv.il  Heseor  .‘h  Gffioe  under  *he  con- 
tract NOOOI 4-7*}-', -04'}‘>  for  trree  years,  Novemper  1*},  t ‘i  trrounh. 
Septemper  ''4,  I'lost  of  the  results  reported  here  have  been 

published  in  technical  papers,  hh.d.  <i  i s lert  at  ions  , and  M.S. 
resear^t.  reports  cited  in  the  Heferenoes.  It  is  gratefully  noted 
that  ten  graduate  students  have  been  supported  by  the  grant  to 
pursue  advanced  degrees  at  the  University  of  California,  Berke- 
1 ey  . 

The  overall  objective  of  the  research  has  been  to  investi- 
gate software  development  pro.:!e3S,  automated  testing  tools,  and 
development  techniques  for  improving  reliability  of  large-scale 
software  systems.  In  order  to  accomplish  this  objective,  a prel- 
iminary survey  on  reliability  and  integrity  of  large  computer 
programs  has  been  conducted  and  the  following  scheme  has  been 
proposed  as  a reasonable  approach  to  developing  reliable  large- 
scale  software 

(1)  Sped  f ication.  of  the  system. 

(?)  uesign  oi  the  structure,  decomposition,  and  modularliza- 
tion  of  the  system,  with  the  specification  of  each 
module. 

(3)  Coding  of  the  system  in  a suitable  programming  language. 

(4)  uebu  o,  integration,  and  check  out  of  the  system. 

(5)  ooft  ■ aluation  and  partial  validation  with  »Jie  help 

of  automated  tools. 


(b)  Sof'w.ire  fail-j.jfe,  f.j  il  - : *»  i ns  * wn  . 

(7)  7aliJ.iMori  of  prob*‘^‘*.  ion  an-J  3^  *i.ri*,y  neaS'irej. 

In  or  ler  to  ao*onplijr  trp  overall  objective  al  on^  tl"  is  jcreme, 
t^  e following  researcf  areas  fave  been  set  and  S'jbs*  intial 
results  have  been  obtained  in  each  area: 

(1)  Design  and  development  of  tfe  FOKTHA.N  Automated  Code 
Evaluation  System  (l-ACES). 

(?)  I nvestigations  in  software  requirements  and  specifica- 
tions. 

(3)  Software  performance  evaluation  based  on  dynamic 
anal y si s. 

(^)  Design  and  development  of  an  adaptive  compiler. 

Tfese  sub-objectives  are  intended  to  improve  reliability  of 
software  systems  in  production,  testing,  and  maintenance  stages. 

We  shall  briefly  discuss  our  findings  in  these  resear 'ri 
areas  in  the  following  four  sections,  one  section  for  each  area 
in  the  above  mention»?d  order.  A summary  section  will  be  found  a* 
the  end  of  this  report. 


?.  Desij^.n  and  J*?  ve  lopnon*.  of  * KOHTKA.N  Aij'oma*'^!  Cod**  Evalua- 


tion System  (FACt.S) 


SiRriifioant  prournss  l^as  made  in  tre  proof  of  projirarn 

correctness  techniques  in  recent  years.  Moweve-,  tl  i s approach 
is  not  yet  feasible  for  lart^e  scale  systems  because  of  compleni'.y 
and  r.  i(7,h  cost  of  implementation.  Hence,  program  analysis,  test- 
in^f,  and  evaluation  are  still  amonjf,  the  most  el  I'eotive  means  tor 
attaining  and  asiurinp;  software  quality  in  practice.  The  t eas  i- 
bility  of  improving'  software  reliability  a'^d  quality  ‘hrour.h  ‘re 
use  of  automated  software  tool  has  been  investigated.  [?]  Au- 


tomated 

software 

evaluation 

can 

be  defin<“d  as  the 

pro^ss  of 

ch  eck  1 ng 

p r es  e n ce 

or  absence 

of 

certain  software 

attributes 

(characteristics)  throughout  the  life-cycle  of  a software  system 
for  ascert  aininj^  software  quali'y.  The  aevelopment  of  the  f ACES 
system  has  undergone  the  lol  lowing  phases.  First  of  all,  the 
software  development  process  was  analyzed  to  identify  areas  where 
tools  are  applicable  and  the  fundamental  notions  underlying  these 
software  tools  were  identified.  Second,  basic  techniques  for 
progr,in  analysis  were  introduced,  i.e.  static  and  dynamic 
analysis  techniques.  Static  analysis  examines  the  static  source 
code  to  uncover  errors  and  inconsistencies  among  modules.  Dynam- 
ic analysis  examines  run  time  program  behavior.  Third,  three 
major  categories  of  software  tools  (i.e.  program  source  code 
analyzers,  runtime  analysis  tools,  and  program  testing  aids)  and 
their  limitations  were  analyzed  in  detail.  Finally,  cased  on 
these  analyses  the  design  and  implementation  of  the  hORTMAN  Au- 
tomated Code  fcvaluation  System  (FACES)  was  conducted. 


KACK3  13  a Vool  I .■»r  *»■*•  'lHvel.->p- 

men*^,  *eo‘.iri(^,  -no  ii  f Lea*  ion , anl  main'-enanee  of  KORTHAN  pr-).7*am3. 
FACtS  13  capable  of  performing  (U  .oour.'H  eode  analyst:,  (?) 
run-'vime  analysis,  and  ( '•})  au'-oma'ed  .-ase  f;enera*,ion  of  * fe 

inpu*.  FORTRAfJ  proTams.  Tfese  fune*,ions  ar**  oerformed  by  * f e 
corres  pond  i n>5  Au*0'na*ed  I n*-errona*- ion  KoL.*.ine  (AIR),  ‘.r#*  jynani.' 
Analyzer,  and  *>fe  Tes*  lase  Jenera'^r  (CASKIK’D  as  depie'ed 
Figure  1.  A major  desifiin  objective  of  FACK3  is  flexibility. 
FACFS  is  provided  a lanRua^e  pr  epro.?es  sor  at  ict  ‘ranslorms 

tbe  source  information  to  be  analyzed  to  an  appropriate  tabular 
repr  esent  at  ion  in  a data  base.  If  e tabular  represent  at  ion  i;  a 
transact  lonal  format  of  program  operations  wf  iof  is  relatively 
free  of  implicit  lan(f,ua(?e  properties.  Usinj?  prepro.'es  sors , FA.'ES 
can  be  adapted  to  validate  proRrams  written  in  different  proRram- 
ming  languages,  e.g.  COBOL  pro.)rams. 

In  addition,  tfe  construction  of  the  data  base  is  intended 
to  provide  a convenient  means  of  retrieving  various  program  at- 
tributes. Tfe  pfilosopf.y  is  ‘-o  relieve  the  analyzer  of  the  tedi- 
ous process  of  examining  the  source  information  required  to  vali- 
date the  program.  Furthermore,  the  data  base  forms  the  basis  for 
other  validation  techniques,  thus  avoiding  duplication  of  ef- 
forts. The  data  base  generated  by  the  language  preprocessor  con- 
sists of  three  main  tables:  (1)  symbolic  table  in  which  symbolic 
elements  of  the  input  information  such  as  variable  names,  labels, 
subprogran  names,  etc.  are  catalogued.  (?)  Use  table  which 
records  how  and  where  in  the  input  source  information  the  symbol- 
ic element  is  referenced,  e.g.  where  calls  appear  to  subroutines 
and  what  are  the  variables  involved  in  an  assignment  statement. 


The  use  ♦able  allots  ques‘^ions  eon  •ernirn;,  *re  u :.n^e  of  variables 
-o  be  answered  easily.  (1)  n.t  le  ‘able  wl  i-l"  reeard'  * ("e  praj’''Tn 
ri.%i  structure.  T^  e strue*.ure  of  a praRram  i*  -no  le  i le  1 as  a 
directed  urapl  wilt  eaob  statemen*.  represented  by  a eode.  Tfe 
node  table  is  essential  for  structural  analys**:.  Tf  e ;e  tables 
are  not  independent  of  each  otfer  and  trey  ar#*  usually  linKen 
together  by  logical  assertions  so  that  the  novemen*  from  one 
table  to  another  causes  a logically  related  item  to  be  addressed. 

Automated  Interrogation  Routine  (AIR)  interprets  queries  and 
automatically  searches  the  data  base  for  the  specified  language 
constructs.  The  types  of  queries  include  (A)  software  quaii*y 
checks,  (B)  specific  user  requests,  and  (C)  documentation  pr.oduc- 
tion.  Software  quality  inspection  queries  are  a set  of  applica- 
tion independent  queries  used  to  improve  the  reliability  and 
quality  of  software  systems.  These  queries  perform  (1)  error 
prone  construct  identifications,  (?)  interface  checks,  (3)  pro- 
gram structure  tests,  (U)  coding  standard  ch^ckes,  and  (5)  unini- 
tialized variable  check.  Specific  user  requests  queries  allow 
users  lo  specify  queries  and  then  automatically  searches  the  data 
base  for  the  user-specif ied  language  constructs.  Users  may 
specify  the  area  of  search  to  be  the  entire  software  system  or  an 
individual  routine.  Document  generation  extracts  information 
from  the  data  base  to  generate  various  cross-reference  tables  and 
program  structure  diagrams.  Some  of  these  are  variable  versus 
statement  cross  reference  table,  subroutine  calling  sequence 
table,  COMMON  block  versus  subroutine  cross  reference  table,  and 
progran  graph.  * 


The  Dynamic  Analyzer  performs  dynamic  analysis  which  is 


baoioally  a pro-vs;  at  •joftwart?  inp.  cans!;*- in  K of  Irivinn  ‘.re 

pro*^ram  wir,r  ‘fe  ♦ es*-  inpu'  , vabservinK  •.re  run  •.  ime  ppaj^ram 
bet.jvior  and  evalua'int?,  ‘.re  ou*-pu*-S.  P.  carries  ou*  bo*<r  vali  Ja- 
-ion  f unctions  suer  as  error  diaj^nosi  ; aM  p-rf orma” 'e  •»valua- 
‘..ion.  For  •. r is  purpose,  supplemen'.al  c.adps  (monitors)  ire  in- 
serted inside  the  tartlet  source  pros^ram.  •^oni‘.o'"S  perforr,  fre- 
quency mon  i*>3  ri  nir, , variable  value  tracinji, , and  execution  patr 
tracing.  Capabilities  for  oheckinir  user  specified  atsertions 
rave  also  been  implemented.  Assertion  creoKS  can  be  viewed  as 
intentional  software  redundancy  *o  improve  program  reli  lOili'y. 
Assertions  can  be  any  lethal  FORTRAN  conditional  expressions  in- 
serted into  tr.e  program  source  code  comment;.  AlO'V.  wi‘r  *re 
development  of  tr.e  Dyn.imic  Analyzer,  treoretical  wopk  r as  been 
directed  into  finding,  a minimal  set  of  moni'ors  and  tteir  loca- 
tions [5,6,7,81  Suer  tr.at  tre  amount  of  overreid  (extra  3torai:;e 
and  time)  incurred  during.  pro^Tom  execution  is  minimized. 

rre  Automated  Test  Case  Generator  (CASFiF.N;  [9t’3,’'’]  r a ; 
been  designed  and  built  to  p,enerate  test  data  automa*  ical  ly  foe 
testing  FORTRAN  programs  and  consists  of  trree  major  components: 
(1)  Patr  Generator,  (?)  Patr  Constraint  Generator,  and  (3)  test 
Data  Generator.  A schematic  diagram  of  CASBGEN  is  given  in  Fig- 
ure ?.  Tr.e  Patr  Generator  acces.ses  tr.e  common  data  base  and  gen- 
erates a near  minimal  set  of  paths  to  cover  all  edges.  The 
theoretical  basis  for  finding  a minimal  set  of  paths  has  been 
investigated  and  the  results  influenced  the  design  and  implemen- 
tation of  CAStDEN.  [11]  To  allow  easy  analysis  of  program  struc- 
ture, a program  is  modelled  as  a directed  graph  in  which  nodes 
represent  program  segments  and  branches  represent  program  flow  of 
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control.  Witt".  tJ'i:*  model  .in  .il  .^ori  tl'ti  of  li''*».ir  eomplexi'y  for 
findi'm  .1  SLib$et  of  patfo  needed  to  iX)ver  all  branofe;  r.io  been 
developed.  11?J  Given  the  p.ith.:,  the  P.ith  Constr.i  int  Generator 
Li-sei  forward  subst i*xit  ion  to  3yntresi7e  the  appropriate  o.on- 
straints.  Loops  and  array  references  are  treated  with  special 
concern.  [13]  The  OL»‘put  of  the  Path  Constraint  Genera*  or  is  a 
set  of  equality  and  inequality  constraints  on  the  input  vari- 
ables. The  Test  Data  uenerator  systematically  assigns  values  to 
the  input  variables  until  all  the  constraints  are  satisfied, 
usinp,  random  numbers  to  (generate  inputs.  [ ’ 1 ] 

During  the  development  of  FACES,  it  became  clear  that  an 
interactive  system  would  reduce  the  complexity  and  increase  tre 
efficiency  of  the  testing  process  by  enabling  programmers  to 
guide  FACES  in  its  testing  decisions.  <Jith  this  in  mind,  the 
design  of  a prototype  of  the  Interactive  software  Evaluation  Sys- 
tem (iSES)  has  been  completed.  Ill]  ISES  augments  FACES  to  pro- 
vide an  interactive  environment  in  which  a large  software  sys‘em 
can  be  developed,  validated,  tested,  and  maintained.  ISES  allows 
users  to  edit  and  then  submit  prvograms  to  FACES  for  analysis  in 

an  interactive  mode. 
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i.  Software  he  ju  . ; ail  ;>pe  • i f loaMois 


Tl'e  praDlern  of  >Df*ware  rel  i ab  i 1 i ’.y  eai  be  a*.*a.-i<ei 
(Jiffereit,  bu*  • imp  1 e-nei*  i v.  i.e.  by  level  ipiip.  be* ‘er 

me*.ro'l.';  of  iofware  oou*  ruv'*.  ion  ami  by  level  ipmei*  af  b*** ‘er 
vjli>la*.ion  ‘^eor  n i'l  ue,i  aid  ‘lol-:.  A lof’waro  ; pe  *1  f ica  * ioi  : .•  * <»m 
its  grea*  es*  .‘on*-ribii‘ ion  *.o  mo^^  reliable  lof'wa-e  rigf*  a* 
tfe  beginning.  Tfe  basic  ib 'e  •*  ive  is  to  allow  sys'em  je  ig^ers 
to  ray  what  is  intervled  to  be  doie  preci;ely  so  ‘fa*  program*,  •n 
be  coded  ii  a more  effioieit  way.  Moreover,  freiuei*  c»'eci<iegs 
are  possible  tiroLigf  pijt  tCe  developmeit  period  ‘o  a3SL.''e  a cer- 
taii  degree  of  ao(-  ievement  at  any  point  of  * ime  dijri-ig  develpp- 
me  nt. 

A software  sped  fication  system  should  be  formal  enough  tor 
a variety  of  mechanical  checkings  such  that  there  is  a definite 
degree  of  achievement  as  the  design  proceeds.  The  most  important 
ingredient  of  a specification  system  is  the  sped  f icat  ion 
language.  A preliminary  design  of  such  a language  has  been  con- 
ducted. [1M]  Its  main  application  area  is  in  large-scale  real- 
time software.  The  following  specifications  are  included  in  the 
language:  (a)  data  sped  f ications , (b)  process  specifications, 

(c)  interaction  specifications,  and  (d)  performance  requirement 
specifications.  These  four  categories  together  cover  most  of  the 
areas  in  which  software  errors  (especially  during  the  design 
phase)  are  d i scovered . The  problem  of  the  language  processor 
have  also  been  briefly  considered  to  the  extent  that  the  amount 
of  required  processing  becomes  fairly  apparent. 

The  principles  underlying  and  a system  for  computer  entry. 


> 


I 


} 


I 

I 


■^1 


ropr e.5e'i‘ .1*  ion  , on  l ,in  »ly.;i;  of  i "peoi  f io;j*  ion  1 (Jf»:orin- 

im;  a * ar>?t‘*-  ;y;*ern  f .i.j  Peen  devnlopefj.  I’OJ  i r e ';K?c*i  lio.iVion 
lan)?ua>?e  is  a *,op-Jowr!  fierard-ical  modul e-or i <»n‘.e<J  ifyziff.n,  wi‘,f 
a par'.ictilar  emp»’  u i ; on  abs'rac*.  ion  as  a 'ne  -f  ani  jm  for  o'"r.ani/- 
in^  funolion.;  of  r,ro  sys‘*.*'n  and  lor  deiayinr,  ‘-fe  dn  ;crip*  ion 
of  low-level  de’.ails.  opeei  f i .*0  * ions  for  -a  nodtjle  ir*‘  .^rotiped 
i.n‘o  irree  basic  catef'ori  : in'^erfaces,  coveri'v,  * fo.:e  aspec'.s 
of  a .'Dodple  seen  from  ^fe  oiitside;  a^*''ibu*e3,  d^^finin?,  Me 
operational  constraints  of  a Tiodul**  functioning  wiMin  tfe  en- 
vironment; and  l unctional  speci  f ications  , providini;,  cwons’ructs 
describing  tbe  functional  operation  of  a molule  ran(?.ing  tr.nm 
essentially  non-procedural  lorms  to  a full  capability  fo'*  defin- 
in)?  sequences,  iteration,  and  conditional  expressions.  Ire 
lanj?uage  is  interact  ive  ly  oriented,  designed  i or  use  witr  5opr  is- 
ticated  software  aids  that  provide  for  an  iterative,  step-oy-step 
progression  toward  the  completion  ol'  a target  system.  A rela- 
tional database  is  used  for  tie  internal  representat ion  of 
specification  constructs.  Analysis  techniques  include  the  use  of 
a formal  graph  model,  modular  analysis,  and  cross  checks  of 
internally  represented  information.  The  development  of  a 
specification/analysis  system  has  progressed  to  the  state  of  a 
prototype  implementation  design.  [15]  The  na*^ijre  of  the  system 
as  seen  by  the  user  has  been  clearly  identified.  txtensive  in- 
formation and  details  on  the  syntax,  semantics,  representation, 
and  analysis  of  the  speci f ication  constructs  have  been  provided 
to  enable  the  future  implementation  of  a working  system. 


nj 


4,  Software  Kerformanoe  Evaluation  Based  on  Dynamic*  Analysis  [0] 

An  approach  for  evaluatinp;  a^d  measuring  software  reliaoili- 
ty  r as  been  developed  by  exploitirv,  tf  c structural  properties  of 
pro(ir.jns.  In  tfis  approach,  the  prot^ram  structure  is  represented 
by  a directel  «raph  consistinK  of  a set  of  nodes  and  a set  of 
directed  arcs.  A no  le  can  be  defined  as  a computational  tasK 
which  consists  of  a linear  sequence  of  program  instructions  hav- 
ing one  entry  point  and  one  exit  point.  Each  directed  arc 
represents  a possible  transfer  of  control  from  the  exit  point  of 
a node  to  the  entry  point  of  another.  A node  may  have  several 
arcs  directed  to  its  entry  point  or  from  its  exit.  This  graph 
model  is  conceptually  simple,  origination  from  fl.ow  charts.  This 
model  has  the  advantage  of  the  ab'lity  to  represent  the  structure 
of  a program  at  any  level  of  abstraction  in  a clear  simple  way 
easily  interpreted  by  human  programmers.  A unified  theory  of 
program  frequency  measurement,  which  is  composed  of  arc  frequency 
measurement  and  path  frequency  counting,  has  been  proposed  to 
collect  information  about  the  dynamic  behavior  of  programs.  The 
optimal  sites  for  such  instrumentat  ion  has  been  given,  which 
enable  us  to  minimize  the  measurement  overhead  [5,6].  uther 
measurement  of  the  behavior  of  critical  variables  in  the  program 
has  also  presented.  All  these  instrumentation  tools  can  be  in- 
serted automatically  after  an  automated  analysis  of  the  program. 
Automation  is  essential  for  these  tools  to  be  applicable.  Other- 
wise, programmers  will  be  reluctant  to  use  them  due  to  inconveni- 
ence and  unreliability. 

The  philosophy  of  structural  program  testing  emphasizes  the 


role  of  prot^r  im  ire  ir  Me  Te.'iK'n  of  effective  '.er>\5, 

jiveo  .1  ;e*  of  v 1 1 ifi  inpi.*,;,  Me  pro^r;im  nefiera‘.eo  a dyTamie  pro- 

oeio  r,o  oorry  ou'  Me  oppropr  i >t*,e  oo^ivi'ie?  Ma‘>  *,f  e pr  .■x^nm'ner 
1 JO  presoripe.j  . Tre  p'-our  m is  oorree*,  if  anM  only  if  M'e  (jyn.jm- 
i provsies  ;*  t?enerai.es  are  oorrec*.  ft'Cen  a pro. •ess  *^er- 
•niiiai.es,  will  correspond  to  a path  (not  neee.siarily  a simple 

path)  for  tre  e”!*ry  node  to  Me  exit  node  of  tie  proa.ram  ^rapr. 
The  nuimber  of  Me  le.^al  pro-.vs'.es  that  can  be  (generated  by  a pro- 
gram is  an  astronomical  number.  An  effective  approach  ‘-o  simpli- 
fy this  problem  i'  to  group  proce.s.ses  into  equivalence  classes  by 
neglecting  derail  differences  among  the  pra>.cesses  in  the  same 
class.  In  termes  of  the  graph  model  the  formation  of  equivalence 
classes  corresponds  to  the  contraction  of  groups  of  nodes  into  a 
larger  node.  This  formation  is  carried  ou‘  au  torna  t ical  1 y or  with 
the  help  of  human  programmers.  Structural  program  testing  re- 
quires the  examin.jtion  of  the  program  graph  and  the  selection  of 
a particular  patr.  (hence  the  correspond i ng  process;  to  be  tested 
every  time.  Depending  on  different  testing  requirements  cri- 
teria, the  path,  selected  to  be  tested  may  be  aifferent.  Design- 
ing tests  in  this  tashion  has  several  advantages  .such  as  allowing 
us  to  distribu'e  our  testing  effort  to  test  different  parts  of 
the  program  in  different  tests  and  ease  of  generating  the  reason- 
ableness checks  on  the  test  output  and  of  veritying  that  the  test 
data  really  test  the  process  we  have  in  mind.  In  order  to  ac- 
tivate a particular  process  test  input  data  should  be  designed  to 
"sensitize"  the  corresponding  path  in  the  graph.  A simple  method 
has  been  presented  for  this  sensitization.  A strategy  called 
"rollback  testing" 


similar  to  rollback  and  recovery  in  fault- 


^oleran»,  L'amp..*  ;on  K a.;  De*''i  propojfl  tor  'le  ? ip/i  i'V.  effe--- 

tive  -est,3.  ! ’i  a*  ion  for  .;‘-riio^ur  al  analyjij  al"o  ^ive; 

us  valuable  i nf  orma  • ion  bo  rewribe  parbs  of  a pronram  bo  improve 
exeju*  ion  e(  t i..’i»»Mov  of  bre  program. 

3orne  quan'iba'ive  measures  for  bfe  imporbanb  parame'ers  of 
bbe  qualiby  of  programs,  i.e.  reiiabiliby,  m.a  i nbenab  i 1 i by  , and 
ava  ilabi  li  by  , rave  been  derived.  Tfe  reliabili‘y  of  a program  is 
expressel  in  berms  of  bie  qualiby  of  bfe  service  bfe  pr>f'ram  pro- 
vides bo  bhe  user.  Ib  was  sfown  bhab  sofbware  reiiabiliby  can  be 
modelled  by  a simple  '-larKov  model.  Albr.oup.r.  bbis  model  is  boo 
simple  for  accurabe  predicbion  of  bfe  quali‘y  of  oroi^rams,  bre 
model  indicabes  bow  bo  improve  reiiabiliby  of  prop.rams  effecbive- 
ly.  A program  can  be  said  more  ma  i !■!■•,  a in  ab  le  if  bre  "ripple  ef - 
fecb"  caused  by  bre  inberacbion  amdpp,  modules  is  small.  ’■*ainbe- 
n a bill  by  of  a program  b as  been  modelled  by  a graph  model.  As  in 
bbe  case  of  bbe  reiiabiliby  model,  bhis  simple  model  is  nob  in- 
tended bo  be  an  accurate  predicbion  of  bbe  expecbed  number  ot 
changes  for  every  maintenance. 


5.  Ada  p*:..at3le  Compil^^r  M b , Y , i d J 
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Software  ‘.ool;:  for  ‘.es'int?  and  lebuKKi’V,  larre  pra^ram.';  .juct' 
as  KACKS  discussed  in  ‘.("e  p.-oviaus  section  are  amotv,  bt-e  facili- 
ties available  to  users  for  tie  deve  1 opment  of  larp.e  proj^rams. 
Tie  cost  incurreci  in  rna  int  a in  i n>;  existint^  software  is  also  im- 
mense in  an  always  cl.anping  environment  and  usually  surpas^s  ‘he 
original  development  cost.  One  approach  *.o  reduce  maintenance 
cost  of  prop, rams  is  ‘x>  enhance  software  portability  a”d  adap*a- 
bility,  which  are  most  influenced  by  the  apolication,  ‘he  host 
language,  and  the  system  support  (i.e.  compil*'^;,  ope-ating  sys- 
tems, hardware  organizat ion  ) . 

With  the  decreasing  hardware  costs,  apolication  of  minicom- 
puters is  beccming  common.  A limiting  factor  to  small  mach  me 
application  is  the  development  of  appropriate  software  sys'ems 
having  good  portability  and  adaptability,  since  their  properties 
vary  diversely  and  individual  capabilities  are  limited.  ilere- 
fore,  a software  system  development  *.ool  for  minicomputer  * y pe 
architecture,  called  the  Multi-Mini  Computer  Compiler  IMMCC)  r as 
been  investigated  as  a solution  to  this  problem.  Specific  areas 
studied  include:  (1)  design  of  a machine  independent,  but 
minicomputer-oriented  intermediate  language,  (?)  formalizing  tre 
description  of  the  minicomputer  programmable  resources,  (3)  au- 
tomatic translation  of  the  intermediate  language  instructions 
into  individual  minicomputer  assembly  instructions. 

in  MMCC,  the  high-level  application  language  is  first 
translated  into  the  mi nicomputer-or iented  intermediate  language, 
called  the  Meta  Assembly  Language  (MAL).  ihe  MAL  is  then 


r atvsl  a * <*j  int-o  synb-olic  a5'.embly  lanRuap.e  of  ‘he  mi omp‘i* - 

er  whose  de  so -"i  p*  ion  is  proviled  as  par.ame'rie  inpuib  ‘aT  V’I''''.  A 
typical  bar^e*  maitine  description  includes  pro>-essor  or^’.-iniz  i- 
tion,  word  size,  a 1 Ires  jint',  S'‘l'.emes  and  tie  ins'ruction  set.  A 
finite  sbate  mode]  ot  code  t^.eneration  has  been  built  into  tr.e 
automatic  code  ^eneratint^  system.  This  model  is  automa*  ical  ly 
reconf  if'ur  ed  for  each,  new  target  machine  accordint*  to  its 
description.  MMCC  (generates  code  by  mapping,  the  '■1AL  instruc- 
tions, line  by  line  to  those  of  the  tan^e*  ma  + ine.  Code  (genera- 
tion process  is  directed  by  the  fini*.e  state  transitions  and  the 
description  of  tar(^et  mach.  ine  programmable  resources. 

This  compiler  is  hi(?h.ly  adaptable  to  the  execution  environ- 
ment since  the  object  code  compatible  with  the  tarp,e‘  machine 
will  be  produced  fr  jn  a description  of  the  intended  tari^e* 
machine's  res.Xirces.  Development  of  ‘■^MCC  brin(^s  alont'  several 
advantai'.es  not  presently  available  in  conventional  compilers. 
'dMCC  increases  the  pool  of  available  qualified  personnel,  pro- 
motes uniformity  of  software  systems,  reduce;  education  time  when 
personnel  shifts  are  required,  and  permits  more  (graceful  transi- 
tion among  machines.  The  designer  will  be  able  to  separate 
development  activities  associated  with  logical  system  functions 
from  target  mat^,  ine  operational  quirks.  This  added  flexibility 
allows  the  software  and  hardware  designer  to  proceed  concurrent- 
ly. Also,  automated  tools  may  be  developed  to  test  each  activity 
in  the  absence  of  the  other,  thus  resulting  in  speed-up  in  pro- 
duct ion  t ime. 

The  Meta  Assembler  for  TI9bOA  and  for  HP  ?100A  minicomputers 
have  been  implemented  on  the  CDC  0400,  using  PASCAL  as  tne  host 
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T>- **  experie?Mce  with  the  meta  an semb  le r shows,  provide*! 
the  user  of  the  system  is  familiar  with  the  tarp;et  ma.-hire,  tr  at 
the  MAL.  abstract  machine  and  the  formalism  wh  i ’h  describes  the 
machine  features  (i.e.  the  machine  specification  lanf'uak'.e ) , ‘,(-e 
efforts  required  to  adapt  a new  target  environment  are  surpris- 
i ng  ly  s.ma  1 1. 
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6.  ijummary 


This  report  oumnar  izes  t^e  reseirot'.  rir!(lin?,s  obtainel  ij^ler 
tl'e  contract  'iOQO'.  . ^'^••oyeral  1 objective  of  itnprov- 
int^  reliability  of  lari^e-oca  le  softwarp  sy3‘ems  fa.s  be^n  liviJeJ 
into  four  sub-ob  ject  ives,  i.e.  'leve  1 v-)pmen‘.  of  tre  KORFH/UJ  Au- 
tomated Code  hvalua‘.ion  Sy3‘eiTi,  software  re'jui '•ements  and  specif- 
ications, software  performance  evaluation  based  on  lynamic 
analysis,  and  adaptive  compiler,  Tfe  F'ORIHA’l  Automatel  Codp 
Evaluation  System  (FACES)  Fas  been  implemented  based  on  tFe 
results  of  several  tfeoretical  studies  sucF.  as  optimization  ol 
monitors  and  minimal  set  of  program  execution  pa‘r.s.  In  tFe 
study  of  software  requirements  and  speci  f icat  ions , a 
•speci  ficat  ion/an  al  y s is  system  bas  been  developed  to  tFe  prototype 
implementation  design.  A structural  theory  has  been  proposed  and 
applied  for  software  performance  evaluation  based  on  dynamic 
analysis.  Finally,  a sofhware  system  development  tool  for  mini- 
computer type  architecture  has  been  investigated  as  a solution  to 
improve  adaptability  of  software  systems. 
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